Or at least not entirely useless

Like 750 or so others, I spent last week at the Mall of America attending the Midwest Management Summit (MMS) put on by the Minnesota System Center User Group. This was my fourth trip and first as a presenter. If you’ve never been: MMS is part technical conference, part user group, part focus group, and pretty much the biggest therapy session you’ll ever find as a ConfigMgr admin.

If you want marketing material and lectures go to Ignite or something. If you want questions answered, go to MMS. It really is that simple. I always go to MMS with a list of questions I want answered. I tell everyone who will listen: Open OneNote right now and open a page called MMS 2019. Spend the next 11 months writing down questions you want answered. Don’t leave MMS without those answers.

In this post I’m not going to try and tell you everything I learned or even every question I had. Instead I’m going to try and focus on the macro-level questions that I’ve seen come up again and again in the Twitter, Reddit, and Slack communities.

InTune?! Get off my lawn!

This is a hot topic in the ConfigMgr community. It’s even escalated to the point of in-fighting at organizations (see here). The continued investment and heavy marketing push by Microsoft behind InTune has a lot of long-time ConfigMgr administrators questioning their job security. Last September, Microsoft’s marketing arm did little to assuage those fears at their Ignite conference. Intentional or otherwise, the message seemed clear: traditional management equals ConfigMgr, modern management equals InTune, and any sane IT organization should be moving towards modern management and minimizing if not outright ditching traditional management. I’ve found this confusing because in the last 3 years Microsoft has poured tons of effort and thus money in moving ConfigMgr to an Agile development model that pumps out a new release every month. If you believe a product is dead you tend not to invest heavily in it.

There was a session at MMS focused specifically on InTune with some InTune program managers. At the start of the Q&A, David James strolled in so the timing seemed right. I pressed the issue, describing the story that my management seemed to be getting from MS marketing. In short, they acknowledged the messaging problem and apologized. The strategy, as far into the future as they can reasonably plan (say 5 years at the max), has both products not only existing but being further integrated together via co-management. The theme was to find ways for the products to work ‘better together’. Not quite sure that became an official slogan but it got darn near it.

Move to the Cloud? ConfigMgr’s Already There

Related, the team talked about how ConfigMgr has been moving and adopting the cloud already. The Cloud Management Gateway (CMG) was a big step and is clearly intended as more than just a strict Internet Based Client Management (IBCM) replacement. Over time the plan is to close the gap of what’s possible off-prem not only in terms of the clients but the infrastructure itself. For instance, they recently came out as officially supporting task sequences over the internet via CMG. A lot of the ‘fast channel’ features also work across the CMG. Which brings us to …

Slow Moving Software … No More?

The story told briefly at MMS was that when the team decided to incorporate Forefront Endpoint Protection into the product they wanted some way of getting around the usual lag time involved in releasing policy, waiting for clients to pick it up, and (cross your fingers) applying it. So in ConfigMgr 2012 they created something internally referred to as the ‘Big Great Button’ (BGB) or more formally the ‘fast channel’. The feature has been around for a while, we’ve all been using it, and according to the team it has been tested at a scale none of us are likely to see (over 1 million clients). As such, they are starting to look for other ways to use the channel. The script feature was one of the first that we saw. At MMS they demoed a feature included in TP 1805 called CMPivot which uses the fast channel to query devices in all sorts of ways in real-time and lets you slice and dice the results as they come in. At the annual hackathon both teams showed a real-time dashboard for Task Sequences, again using the fast channel. It’s clear that the team has a new toy and they’re looking for ways to use it to get the product out from under the old S.M.S. moniker.

Distribution Point? We Don’t Need No Stinking DP

If you were uncertain before let it be known: the team hates distribution points. That might be taking it a bit far but they seem hell-bent on making the no-DP scenario the logical choice for many. Yes, there’s too many technologies in play with Branch Cache, Peer Cache, and now Delivery Optimization confusing things. The team is continuing to develop Peer Cache (some thought it was dead) to fill a gap that BC/DO doesn’t fill (ex. WinPE/OSD). They’re working towards a future where managing all three is dead-simple and your client seamlessly picks the best choice.

With TP 1805 they’ve announced support for LEDBAT which dynamically throttles a download if there’s a bottleneck impacting other traffic. Unfortunately there’s a LEDBAT bug in Server 2016 that they ‘hope’ the Windows Server team fixes. For now, it’s only supported in Windows Server 1709 which is only available in core or nano versions. They’re focusing on DP to Client traffic first (for values of client including Pull DPs) which struck me as odd until Johan pointed out that LEDBAT would be awesome in the no-DP scenario to avoid that ‘first client’ congestion problem:

Useful when having remote sites with no DP’s, even with P2P, the first client must get the stuff from somewhere.

I’m also working on a “POC” for using LEDBAT for SiteServer to DP traffic, thinking it might be more efficient than current sender. More testing needed though.

Twitter? I Hate Twitter!

This is another beef/argument/grumpy old man thing that I see often on Reddit, Slack and … well … pretty much everywhere but Twitter. Generally speaking, here’s the sentiment: “I pay goodness knows how much for this product and its accompanying support … why should I have to use Twitter to find out it’s broken?” I talked to several members of the team at MMS and they were pretty well unanimous on this topic. They work in a big organization. That organization has layers upon layers of management and marketing. Writing a blog post is an exercise in frustration and bureaucracy. Instead, they just post something to Twitter and then take crap about it from the ‘chain of command’. Don’t like Twitter? Ain’t got time for that? Too bad, go follow David James if you want timely information. If anyone else posts something super important he’s going to like or retweet it outright. Like 5 minutes a day, tops. Stop complaining.

Software Updates: When Will The Hurting Stop?

Somewhat unintentionally, I’ve been harping on software updates a lot since staring this blog. I am responsible for other things in my organization. I HAVE PEOPLE SKILLS! WHAT’S WRONG WITH YOU PEOPLE! That being said, let’s all agree that it’s been a bit of a shit-show this last year. I went to MMS to give two sessions on software updates and came with a few questions of my own.

First, there is officially a WSUS product team. I couldn’t get anyone to say this outright but the suggestion seemed to be that there wasn’t one for a while or that they were all dead inside and unable or unequipped to do much.

Second, the Configuration Manager Product team is meeting with the WSUS team weekly. There’s some hope, a fools hope maybe, that some of this terribleness will be addressed. There was rumor that some strategic indexes (a la AdamJ’s script?) might be officially supported/implement to drastically speed up WSUS. Personally, I think the whole architecture of generating delta catalog at the expense of CPU and Memory is an idea whose time is past. However, WSUS is essentially a victim of its own success so there’s little chance of burning it to the ground and starting anew.

Third, the product team has heard our cry and wishes to bandage our wounds and ease our pain. TP 1805 implements my user voice item (UVI): When Expiring Updates based on Supersedence Rules also Decline them in WSUS. Now, one can do much … much … better than just declining superseded updates but this is going to help an insane amount of organizations. Not everyone is sold on running scripts written by random wackos on the internet and by golly … they just shouldn’t have to.

The End

So there you have it, my first MMS review thingy. I learned a crap-ton of other more technical things but no one wants to hear about all that. Heck, in all likelihood no one wanted to hear the above either. I just felt like typing I guess so there you have it.